Wednesday, September 21, 2005


Wow, you guys were right about the checksum for credit cards! I got another one of those fake eBay trolling spams, and clicked it. They wanted me to log in, so I entered random keyboard swipes for username and password, which were accepted, naturally. Then it wanted a credit card (no name was requested, sadly, so good old Ali Saed Bin Ali El-Hoorie will have to wait.) This time I entered an example card number from a web page that explains checksums, and the number I entered on the scam site sailed right through to the thank-you screen!

Now all I need to do is write a Java program that generates dozens of such valid but fake numbers to feed to the scammers. Only, it's not as fun if you can't attach names from the FBI's Most Wanted list.

It was only in the shower that my victorious chuckle turned into a whimper of worry. See, the URL they sent me was probably unique to my email address. By responding at all, and entering an apparently valid credit card number, in essence I stamped a big sign on my forehead that says: "SUCKER!" I may expect lots more scam emails.

I also expect that they'll attempt to extract and use my real name from my email address if they try to use the credit card number. They might not try to use it, since after all it is an example on a web page explaining checksums. Trying to extract my name from my email address will be a problem for them, since, though it sounds like a real name, it really refers to large anatomy.

In light of these considerations, what I need to do is set up a blog for Ali Saed Bin Ali El-Hoorie, or whatever Most Wanted person who has not been caught, and incautiously post an email address on that page. Then, when the spiders1 pick that up and begin sending spam to it, I can respond from that email account, with a 'genuine' fake credit card number, and hopefully induce the scammers to try and buy things as a known terrorist.

There is yet one more danger, the danger that the FBI will pick up the apparent blog of Ali Saed Bin Ali El-Hoorie, use their infinitely superior snoop tools to track down the actual me in real life, and clap me in irons for associating with or aiding a terrorist. Sound stupid? That's why it's almost guaranteed.

So I plan to encipher a message into the blog of Ali Saed Bin Ali El-Hoorie, using a childishly simple cypher, such as the first letter of every word spelling out a message that this page is really being used to pass fake credit card numbers to scammers.

That would make for a mysterious and perhaps nonsensical blog, which might send the FBI into frenzies -- thinking they had caught the terrorist communicating in code. Don't laugh, our government really is that stupid.

If I do get arrested, and I live long enough to explain the preexisting message in the cypher, they'll probably charge me with using the internet for fraud. You got it: for passing fake credit card numbers.

A program that scans and indexes the web, or one that scans the web looking for email addresses.
Weblog Commenting and Trackback by